Norwich University is second and Mississippi State is third in HP-sponsored survey

The University of Texas at San Antonio (UTSA) tops a somewhat unexpected list of schools that are considered by security practitioners as the best in the country for cybersecurity courses and degree programs.

In a Hewlett-Packard-sponsored survey of about 2,000 certified IT security professionals, UTSA's 14 undergraduate and graduate programs in areas such as digital forensics, secure design and intrusion detection and response, were ranked first for academic excellence and practical relevance.

The experience and expertise of program faculty and the school's professional reputation within the security community were also factors that contributed to the school's top ranking.

Norwich University, a private military college in Northfield, Vt., garnered the second spot, while Mississippi State University near Starkville was third. Norwich's Computer Science and Information Assurance (CSIA) program and Mississippi State's Center for Computer Security Research are National Security Agency-certified centers of academic excellence in information security.

Rounding out the top 10 were Syracuse University and Carnegie Mellon University, which tied for the fourth spot; Purdue University was fifth; the University of Southern California, the University of Pittsburgh and George Mason University were in a seventh place tie. Eighth place went to West Chester University, in West Chester, Penn., while the U.S. Military Academy at West Point and the University of Washington in Seattle completed the list.

The Ponemon Institute, which conducted the survey for HP, compiled the list of top schools based on responses from 1,958 security practitioners, about 65% of whom identified themselves as being at a supervisory level.

Survey participants were given a list of 403 educational institutions and were asked to select and rank up to five of the institutions in descending order of preference. Respondents were then asked to rate each school's program based on their perceptions about the school's academic rigor, faculty quality and other measures.

Schools were assigned weighted scores based on how often survey respondents selected each school, the order in which they were ranked by each respondent and overall perceptions about program quality.

For instance, 98 respondents selected the University of Texas, San Antonio, as one of their top schools for cybersecurity. Of those, 90 ranked it as their first choice. The school also got an average score of 9.40 on a scale of 1 to 10 for program quality, putting it on top of the list.

Similarly, about 91% of the 69 respondents who selected Norwich in their top five list also ranked the university as their top pick and give it an average score of 9.2 for program quality.

The numbers for each of the top ranking schools, by themselves, are relatively small. For instance, only 90 individuals out of the total sample size of more than 1,950 individuals selected UTSA as the number one choice, but that was enough to make it the top school on the list.

It's also unclear how knowledgeable the survey respondents were about each school's cybersecurity programs or how much they might have been influenced by either a positive or a negative experience with a university.

Even so, the survey responses paint a fairly clear picture of what IT security practitioners view as the best schools for cybersecurity in the U.S., said Larry Ponemon, founder of the Ponemon Institute.

The numbers for the top-ranked schools are large enough to show the ratings are consistently positive, Ponemon said. "It shows those particular schools stand out from other schools in the whole area of cybersecurity education," Ponemon said. The results are an unambiguous indicator of educational quality and student performance, he said.

Most the schools that cracked the top-10 list are NSA and Department of Homeland Security-certified centers of academic excellence, Ponemon said. Their curriculums address both technical and theoretical issues in cybersecurity, undergraduate and graduate level programs and hands-on learning opportunities. Typically, schools in the top 10 list also tend to have faculty members who are leading practitioners or researchers in the field of cybersecurity.